# Action metadata: display name and short description of the action.
name: 'mobbdev'
description: 'Mobb automatic vulnerability fixer action'
# Icon and colour of the badge GitHub renders for this action.
branding:
  icon: 'aperture'
  color: 'blue'
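# Inputs supplied by the calling workflow.
# api-key and github-token are credentials: pass them from workflow secrets,
# never as literal values in the workflow file.
inputs:
  report-file:
    description: "Path to SAST report file"
    required: true
  api-key:
    description: "Mobb API key"
    required: true
  github-token:
    # Used as authToken by the commit-status step of this action.
    description: "GitHub Token"
    required: true
  mobb-project-name:
    description: "Mobb Project Name"
    required: false
  # The two flags below are only acted on when set to the exact string "true".
  auto-pr:
    description: "Auto-PR flag"
    required: false
  commit-directly:
    description: "Commit Directly flag, this requires Auto-PR flag to be set. Once enabled, Mobb will commit the fixes directly to the branch"
    required: false
  organization-id:
    description: "Organization ID"
    required: false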
# Values exposed to the calling workflow.
outputs:
  fix-report-url:
    description: 'Mobb fix report URL'
    # Written to GITHUB_OUTPUT by the run-npx-mobb-dev step.
    value: "${{ steps.run-npx-mobb-dev.outputs.fix-report-url }}"
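# Composite action: install Node, run the Mobb CLI against the SAST report,
# then publish the fix-report link as a commit status.
runs:
  using: "composite"
  steps:
    # NOTE(review): referenced by tag; a full commit SHA would make the
    # reference immutable.
    - uses: actions/setup-node@v3.6.0
      with:
        node-version: 18
    - id: run-npx-mobb-dev
      # Inputs and event data reach the script only through environment
      # variables. Expanding workflow expressions inside the script body would
      # splice caller-controlled text into the shell source before bash
      # parses it.
      env:
        INPUT_API_KEY: ${{ inputs.api-key }}
        INPUT_REPORT_FILE: ${{ inputs.report-file }}
        INPUT_MOBB_PROJECT_NAME: ${{ inputs.mobb-project-name }}
        INPUT_ORGANIZATION_ID: ${{ inputs.organization-id }}
        INPUT_AUTO_PR: ${{ inputs.auto-pr }}
        INPUT_COMMIT_DIRECTLY: ${{ inputs.commit-directly }}
        PR_NUMBER: ${{ github.event.pull_request.number }}
      run: |
        REPO=$(git remote get-url origin)
        REPO=${REPO%.git}
        # Use GITHUB_HEAD_REF when it is set; otherwise strip the refs/heads/
        # prefix from GITHUB_REF. The branch name is chosen by whoever pushed
        # the branch, so it is treated as data only.
        BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}

        # Build the CLI invocation as an argument array (no eval), so every
        # value stays one literal argument whatever characters it contains.
        # NOTE(review): mobbdev@latest is a floating version that runs with
        # the API key; consider pinning a reviewed release.
        mobb_args=(--yes mobbdev@latest analyze --ci
          -r "$REPO" --ref "$BRANCH"
          --api-key "$INPUT_API_KEY" -f "$INPUT_REPORT_FILE")

        # Check if mobb-project-name exists and append it
        if [ -n "$INPUT_MOBB_PROJECT_NAME" ]; then
          echo "mobb-project-name specified: $INPUT_MOBB_PROJECT_NAME"
          mobb_args+=(--mobb-project-name "$INPUT_MOBB_PROJECT_NAME")
        fi
        # Check if organization-id exists and append it
        if [ -n "$INPUT_ORGANIZATION_ID" ]; then
          echo "organization-id specified: $INPUT_ORGANIZATION_ID"
          mobb_args+=(--organization-id "$INPUT_ORGANIZATION_ID")
        fi
        # Append --auto-pr when the flag is set
        if [ "$INPUT_AUTO_PR" == "true" ]; then
          echo "Auto-PR flag is set"
          mobb_args+=(--auto-pr)
        fi
        # Append --commit-directly when the flag is set
        if [ "$INPUT_COMMIT_DIRECTLY" == "true" ]; then
          echo "Commit Directly flag is set"
          mobb_args+=(--commit-directly)
          # The PR id is only available when the event is a pull request
          if [ -n "$PR_NUMBER" ]; then
            echo "Pull Request ID detected: $PR_NUMBER"
            mobb_args+=(--pr-id "$PR_NUMBER")
          else
            echo "No Pull Request detected. Skipping --pr-id flag."
          fi
        fi

        # Log the command for debugging with the API key redacted, so the key
        # is not written to the job log when it was not passed as a secret.
        printable=()
        for arg in "${mobb_args[@]}"; do
          if [ -n "$INPUT_API_KEY" ] && [ "$arg" = "$INPUT_API_KEY" ]; then
            printable+=('***')
          else
            printable+=("$arg")
          fi
        done
        echo "Mobb Command: npx ${printable[*]}"

        OUT=$(npx "${mobb_args[@]}")
        RETVAL=$?
        # This custom shell line has no -e, so propagate a CLI failure by hand.
        if [ "$RETVAL" -ne 0 ]; then
          exit "$RETVAL"
        fi
        # The first https:// URL printed by the CLI is taken as the report link.
        MOBB_URL=$(printf '%s\n' "$OUT" | grep -oE 'https://[^[:space:]]+' | head -1)
        echo "fix-report-url=$MOBB_URL" >> "$GITHUB_OUTPUT"
        echo "Mobb URL: $MOBB_URL"
      shell: bash -l {0}
    # NOTE(review): this third-party action receives github-token and is
    # referenced by the mutable tag v1; a full commit SHA would fix which code
    # handles the token.
    - uses: Sibz/github-status-action@v1
      with:
        authToken: ${{ inputs.github-token }}
        context: "Mobb fix report link"
        state: "success"
        target_url: ${{ steps.run-npx-mobb-dev.outputs.fix-report-url }}
        # Attach the status to the PR head commit when there is one
        sha: ${{github.event.pull_request.head.sha || github.sha}}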